Checklist 445: Ransomware Revisited and a Bigger Bug Bounty

Asahi Confirms Ransomware Attack, Qilin Gang Claims Data Theft

Japan’s largest brewer, Asahi, has confirmed that the cyber incident it suffered earlier this month was, in fact, a ransomware attack — and now it appears personal data may have been stolen.

In Checklist No. 443, the attack was initially described as “duck-like” — suspiciously quacking but not officially labeled ransomware. At the time, Asahi said no customer or commercial data had been taken. However, that’s since changed.

According to The Register, Asahi has now “identified the possibility that personal information may have been subject to unauthorized data transfer.” The publication also reports that the Qilin ransomware group has claimed responsibility, boasting of stealing roughly 27 GB of data, including contracts, forecasts, employee records, and financial details. Samples reviewed by The Register reportedly include employee ID cards and personal documents.

The aftermath continues to ripple through the company: Asahi has postponed its quarterly financial results, citing ongoing system disruptions and loss of access to accounting data. The brewer says it’s working to restore systems but cannot yet provide a recovery timeline.

Ransomware Surges 50% in the UK — Experts Warn: “Act as If an Attack Is Inevitable”

If you were hoping for good ransomware news, 2025 isn’t your year. According to The Register, a new report from the UK’s National Cyber Security Centre (NCSC) shows a 50% year-over-year increase in “highly significant” ransomware and data theft incidents.

Things aren’t much brighter globally. ThreatDown, a division of Malwarebytes, reports a 25% global rise in ransomware attacks between July 2024 and June 2025, peaking at over 1,000 incidents in February 2025. The firm’s 2025 State of Ransomware report attributes the surge to the doubling of active ransomware groups in the past three years — a result of commoditized malware, AI-assisted tools, and low barriers to entry.

Even established groups are unstable. ThreatDown found the ransomware “top tier” in constant churn, with new groups replacing old ones so quickly that monthly volatility rose 50%.

For individuals, the advice is back to basics — and vigilance. Stay alert for phishing and social engineering, avoid using personal devices for work without IT clearance, and use strong, unique passwords (or vetted password managers).

The message from NCSC CEO Richard Horne is stark:

“Cybersecurity is now a matter of business survival and national resilience… Every leader must have a plan to defend against criminal cyberattacks and a plan for continuity.”

In other words: if your systems went dark tomorrow, could you keep operating? If the answer is “no” or “don’t know,” Horne warns, it’s time to act.

Apple Doubles Top Bug Bounty to $2 Million — or $5 Million with Bonuses

Apple is sweetening the pot for ethical hackers. As reported by Wired via Ars Technica, the tech giant announced at the Hexacon offensive security conference in Paris that it’s doubling its top bug bounty payout from $1 million to $2 million for a chain of exploits that could enable spyware-level attacks.

But that’s not all. Apple has introduced a bonus structure that could push total payouts as high as $5 million for especially severe findings — specifically, exploits that can bypass Lockdown Mode or are discovered during beta testing.

While the new ceiling sounds impressive, few have ever come close. Since revamping its program in 2019, Apple says it has paid out over $35 million to more than 800 researchers, averaging about $43,750 per payout. “Top-dollar payouts are very rare,” Wired notes, though Apple’s VP of Security Engineering and Architecture said the company has issued multiple $500,000 rewards in recent years.

Despite those numbers, the move underscores Apple’s growing recognition of ethical hackers as frontline defenders in the fight against spyware and advanced threats — and perhaps an attempt to keep them from looking for darker paydays.